Incorrect Conversion between Numeric Types
CVE-2023-3635
Summary
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to Denial Of Service of the Okio client when handling a crafted GZIP archive, by using the "GzipSource" class. This issue affects com.squareup.okio:okio versions prior to 3.4.0.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-681 - Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
References
Advisory Timeline
- Published